grub

Merge ~mfo/grub:lp1987567 into ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu

  1. Git
  2. lp:~mfo/grub
  3. lp1987567
  4. Merge into ubuntu
Proposed by Mauricio Faria de Oliveira
Status: Merged
Merged at revision: 47a3d1d5e93e54de7f184a4b3cf43465b42959dc
Proposed branch: ~mfo/grub:lp1987567
Merge into: ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu
Diff against target: 224 lines (+204/-0)
3 files modified
debian/patches/linux_xen-Properly-load-multiple-initrd-files.patch (+123/-0)
debian/patches/linux_xen-Properly-order-multiple-initrd-files.patch (+79/-0)
debian/patches/series (+2/-0)
Reviewer Review Type Date Requested Status
Julian Andres Klode Needs Fixing
Review via email: mp+428882@code.launchpad.net

Description of the change

Fixes for grub's xen template to properly handle multiple initrd files
(e.g., /boot/microcode.cpio if present, and /boot/initrd.img-VERSION).

To post a comment you must log in.
Revision history for this message
Julian Andres Klode (juliank) wrote :

Please remove the changelog entry and make sure that the patch series is exported cleanly used gbp pq and does not have hand edited patches.

review: Needs Fixing
Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :

Hi Julian! Thanks for reviewing.

Changelog entry removed (should regenerate nicely with `gbp dch`).

Hmm, I did export the patch series with `gbp pq`
(`gbp pq apply` + `git commit --amend` for DEP3/LP: #/Gbp-Pq: Name
for both patches, then `gbp pq export`.)

Could you please clarify what exactly is off / I added incorrectly?

Thanks again,
Mauricio

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/patches/linux_xen-Properly-load-multiple-initrd-files.patch b/debian/patches/linux_xen-Properly-load-multiple-initrd-files.patch
0new file mode 1006440new file mode 100644
index 0000000..b0bb155
--- /dev/null
+++ b/debian/patches/linux_xen-Properly-load-multiple-initrd-files.patch
@@ -0,0 +1,123 @@
1From: Mauricio Faria de Oliveira <mfo@canonical.com>
2Date: Sat, 6 Aug 2022 20:46:48 -0300
3Subject: templates/linux_xen: Properly load multiple initrd files
4MIME-Version: 1.0
5Content-Type: text/plain; charset="utf-8"
6Content-Transfer-Encoding: 8bit
7
8The linux_xen template can put multiple initrd files in the
9same multiboot[2] module[2] command, which is against specs.
10
11This causes ONLY the _first_ initrd file to be loaded; other
12files just have filenames in a "cmdline" string of the first
13initrd file and are NOT loaded.
14
15Fix this by inserting a module[2] command per initrd file.
16
17Before:
18
19 # touch /boot/xen /boot/microcode.cpio
20 # grub-mkconfig 2>/dev/null | grep -P '^\t(multiboot|module)'
21 multiboot /boot/xen ...
22 module /boot/vmlinuz-5.4.0-122-generic ...
23 module --nounzip /boot/microcode.cpio /boot/initrd.img-5.4.0-122-generic
24
25After:
26
27 # touch /boot/xen /boot/microcode.cpio
28 # grub-mkconfig 2>/dev/null | grep -P '^\t(multiboot|module)'
29 multiboot /boot/xen ...
30 module /boot/vmlinuz-5.4.0-122-generic ...
31 module --nounzip /boot/microcode.cpio
32 module --nounzip /boot/initrd.img-5.4.0-122-generic
33
34Cause:
35
36The code was copied from the linux template, which is *apparently*
37equivalent.. but its backing command grub_cmd_initrd() *supports*
38multiple files (see grub_initrd_init()), while grub_cmd_module()
39*does not* (see grub_multiboot[2]_add_module()).
40
41See commit e86f6aafb8de ("grub-mkconfig/20_linux_xen: Support multiple early initrd images"):
42 'This is basically a copy of a698240d "grub-mkconfig/10_linux:
43 Support multiple early initrd images" ...'
44
45Specs:
46
47Both multiboot and multiboot2 specifications mention support for
48'multiple boot modules' (struct/tag used for kernel/initrd files):
49
50 "Boot loaders don’t have to support multiple boot modules,
51 but they are strongly encouraged to" [1,2]
52
53However, there is a 1:1 relationship between boot modules and files,
54more or less clearly; note the usage of singular/plural "module(s)".
55(Multiboot2, clearly: "One tag appears per module".)
56
57 Multiboot [1]:
58
59 "the ‘mods’ fields indicate ... what boot modules
60 were loaded ..., and where they can be found.
61 ‘mods_count’ contains the number of modules loaded"
62
63 "The first two fields contain the start and end addresses
64 of the boot module itself."
65
66 Multiboot2 [2]:
67
68 "This tag indicates ... what boot module was loaded ...,
69 and where it can be found."
70
71 "The ‘mod_start’ and ‘mod_end’ contain the start and end
72 physical addresses of the boot module itself."
73
74 "One tag appears per module.
75 This tag type may appear multiple times."
76
77And both clearly mention the 'string' field of a boot module,
78which is to be used by the operating system, not boot loader:
79
80 "The ‘string’ field provides an arbitrary string to be
81 associated with that particular boot module ...
82 its exact use is specific to the operating system."
83
84Links:
85
86[1] https://www.gnu.org/software/grub/manual/multiboot/multiboot.html
87 3.3 Boot information format
88
89[2] https://www.gnu.org/software/grub/manual/multiboot2/multiboot.html
90 3.6.6 Modules
91
92Fixes: e86f6aafb8de ("grub-mkconfig/20_linux_xen: Support multiple early initrd images")
93
94Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
95
96Bug-Ubuntu: https://bugs.launchpad.net/bugs/1987567
97Origin: backport, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b4b4acaf4ec7af1a78d122c10baed4e85187e2a5
98[mfo: backport: refresh lower context lines.]
99LP: #1987567
100---
101 util/grub.d/20_linux_xen.in | 6 +++---
102 1 file changed, 3 insertions(+), 3 deletions(-)
103
104diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
105index a12780e..6f38c5d 100644
106--- a/util/grub.d/20_linux_xen.in
107+++ b/util/grub.d/20_linux_xen.in
108@@ -166,12 +166,12 @@ EOF
109 message="$(gettext_printf "Loading initial ramdisk ...")"
110 initrd_path=
111 for i in ${initrd}; do
112- initrd_path="${initrd_path} ${rel_dirname}/${i}"
113- done
114- sed "s/^/$submenu_indentation/" << EOF
115+ initrd_path="${rel_dirname}/${i}"
116+ sed "s/^/$submenu_indentation/" << EOF
117 echo '$(echo "$message" | grub_quote)'
118 ${module_loader} --nounzip $(echo $initrd_path)
119 EOF
120+ done
121 fi
122 if ${xsm} && test -n "${xenpolicy}" ; then
123 message="$(gettext_printf "Loading XSM policy ...")"
diff --git a/debian/patches/linux_xen-Properly-order-multiple-initrd-files.patch b/debian/patches/linux_xen-Properly-order-multiple-initrd-files.patch
0new file mode 100644124new file mode 100644
index 0000000..2e38f3b
--- /dev/null
+++ b/debian/patches/linux_xen-Properly-order-multiple-initrd-files.patch
@@ -0,0 +1,79 @@
1From: Mauricio Faria de Oliveira <mfo@canonical.com>
2Date: Sat, 6 Aug 2022 22:07:58 -0300
3Subject: templates/linux_xen: Properly order the multiple initrd files
4
5The linux_xen template orders the "early" initrd file(s) _first_
6(i.e., before the "real" initrd files) and that seems reasonable,
7as microcode updates usually come first.
8
9However, this usually breaks Linux boot with initrd under Xen
10because Xen assumes the real initrd is the first multiboot[2]
11module after the kernel, passing its address over to Linux.
12
13So, if a microcode-only initrd (i.e., without init/userspace)
14is found by grub-mkconfig, it ends up considered as a normal
15initrd by the Linux kernel, which cannot do anything with it
16(as it has no other files) and panic()s unable to mount root
17if it depends on a initrd to do that (e.g., root=UUID=...).
18
19...
20
21Well, since Xen doesn't actually use the provided microcode
22by default / unless the 'ucode=<module number|scan>' option
23is enabled, this isn't used in the general case (and breaks).
24
25Additionally, if an user enables the 'ucode=' option, that
26either specifies which module is to be used for microcode,
27or scans all modules (regardless of being first) for that.
28
29Thus, for Xen:
30- it is *not required* to have microcode first,
31- but it is *required* to have real initrd first
32
33So, fix it by ordering the real initrd before early initrd(s).
34
35...
36
37Corner case specific to Xen implementation details:
38
39It is actually _possible_ to have a microcode initrd first,
40but that requires a non-default option (so can't rely on it),
41and it turns out to be inconsistent with its counterpart
42(really shouldn't rely on it, as it may get confusing; below).
43
44'ucode=1' does manually specify the first module is microcode
45_AND_ clears its bit in the module bitmap. The next module is
46now the 'new first', and gets passed to Linux as initrd. Good.
47
48'ucode=scan' checks all modules for microcode, but does _NOT_
49clear a bit if it finds one (reasonable, as it can find that
50prepended in a "real" initrd anyway, which needs to be used).
51The first module still gets passed to Linux as initrd. Bad.
52
53Fixes: e86f6aafb8de ("grub-mkconfig/20_linux_xen: Support multiple early initrd images")
54
55Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
56
57Bug-Ubuntu: https://bugs.launchpad.net/bugs/1987567
58Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=18d8eafdea2322dc80c37e826a75e4d62094fecc
59LP: #1987567
60---
61 util/grub.d/20_linux_xen.in | 5 ++++-
62 1 file changed, 4 insertions(+), 1 deletion(-)
63
64diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
65index 6f38c5d..0629890 100644
66--- a/util/grub.d/20_linux_xen.in
67+++ b/util/grub.d/20_linux_xen.in
68@@ -304,7 +304,10 @@ while [ "x${xen_list}" != "x" ] ; do
69
70 initrd=
71 if test -n "${initrd_early}" || test -n "${initrd_real}"; then
72- initrd="${initrd_early} ${initrd_real}"
73+ # Xen assumes the real initrd is the first module after the kernel.
74+ # Additional (later) initrds can also be used for microcode update,
75+ # with Xen option 'ucode=<scan|module number> (non-default anyway).
76+ initrd="${initrd_real} ${initrd_early}"
77
78 initrd_display=
79 for i in ${initrd}; do
diff --git a/debian/patches/series b/debian/patches/series
index 091eccf..39d91e4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -159,3 +159,5 @@ ubuntu-disable-LOAD-FILE2-protocol-for-initrd-on-ARM.patch
1590159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch1590159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
1600160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch1600160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
1610161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch1610161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
162linux_xen-Properly-load-multiple-initrd-files.patch
163linux_xen-Properly-order-multiple-initrd-files.patch

Subscribers

People subscribed via source and target branches